Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1571 | 1 Aj-fork | 1 Aj-fork | 2017-07-10 | 5.0 MEDIUM | N/A |
| AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9) filter-by-author.php, (10) format-switcher.php, (11) long-to-short.php, (12) prospective-posting.php, or (13) sort-by-xfield.php, which displays the full path in an error message. | |||||
| CVE-2004-1572 | 1 Aj-fork | 1 Aj-fork | 2017-07-10 | 5.0 MEDIUM | N/A |
| AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request. | |||||
| CVE-2004-1573 | 2 Aj-fork, Cutephp | 2 Aj-fork, Cutenews | 2017-07-10 | 7.2 HIGH | N/A |
| The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator. | |||||
| CVE-2004-1574 | 1 Vypress | 1 Vypres Messenger | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote attackers to execute arbitrary code via a message with a long first field. | |||||
| CVE-2004-1575 | 1 Apache | 1 Xerces-c\+\+ | 2017-07-10 | 5.0 MEDIUM | N/A |
| The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document. | |||||
| CVE-2004-1576 | 1 Megalo | 1 Judge Dredd Dredd Vs. Death | 2017-07-10 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a chat message. | |||||
| CVE-2004-1577 | 1 Greg Donald | 1 Phplinks | 2017-07-10 | 5.0 MEDIUM | N/A |
| index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message. | |||||
| CVE-2004-1578 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header. | |||||
| CVE-2004-1579 | 1 Devellion | 1 Cubecart | 2017-07-10 | 5.0 MEDIUM | N/A |
| index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message. | |||||
| CVE-2004-1580 | 1 Devellion | 1 Cubecart | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2004-1581 | 1 Blackboard | 1 Blackboard | 2017-07-10 | 5.0 MEDIUM | N/A |
| BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message. | |||||
| CVE-2004-1582 | 1 Blackboard Internet Newsboard System | 1 Blackboard Internet Newsboard System | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php. | |||||
| CVE-2004-1584 | 1 Wordpress | 1 Wordpress | 2017-07-10 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter. | |||||
| CVE-2004-1585 | 1 Jera Technology | 1 Flash Messaging | 2017-07-10 | 5.0 MEDIUM | N/A |
| Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters. | |||||
| CVE-2004-1587 | 1 Monolith Productions | 4 Alien Versus Predator, Blood, No One Lives Forever and 1 more | 2017-07-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query. | |||||
| CVE-2004-1588 | 1 Gosmart | 1 Gosmart Message Board | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameter to Login_Exec.asp. | |||||
| CVE-2004-1589 | 1 Gosmart | 1 Gosmart Message Board | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp. | |||||
| CVE-2004-1590 | 1 Clientexec | 1 Clientexec | 2017-07-10 | 5.0 MEDIUM | N/A |
| Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2004-1591 | 1 Micronet | 1 Sp916bm | 2017-07-10 | 7.5 HIGH | N/A |
| The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access. | |||||
| CVE-2004-1592 | 1 Ocportal | 1 Ocportal | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script. | |||||